[3.7] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in pop3lib’s apop() method, although limited to 2048 chars, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in the difflib.IS_LINE_JUNK method in servers that use difflib can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
Reference:
https://bugs.python.org/issue32981
(from redmine: issue id 9269, created on 2018-08-17, closed on 2018-08-23)
- Relations:
- copied_to #9268 (closed)
- parent #9268 (closed)
- Changesets:
- Revision 25ab1f44 on 2018-08-22T13:23:25Z:
main/python2: security upgrade to 2.7.15 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
- Revision bb7e90cb on 2018-08-22T14:19:42Z:
main/python3: security upgrade to 3.6.5 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
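For CVE-2018-1061, the following added example (not part of the original issue or of the Alpine or CPython sources) puts the pre-fix and post-fix `IS_LINE_JUNK` patterns side by side, checks that they classify lines identically, and measures how match time grows with the length of a whitespace run. The two pattern strings are an assumption recalled from CPython's difflib history and are not quoted on this page; the helper names and sample lines are constructed for illustration.

```python
import re
import time

# Assumption: patterns as recalled from CPython's difflib, not quoted on this page.
# Pre-fix: two adjacent \s* runs can split one whitespace run in O(n) ways, and
# each split is retried when '$' fails, giving O(n^2) work on a non-junk line.
OLD_PAT = re.compile(r"\s*#?\s*$")
# Post-fix: the second \s* is only reachable after a literal '#', so a run of
# whitespace can be consumed in exactly one way.
NEW_PAT = re.compile(r"\s*(?:#\s*)?$")

# Constructed sample lines covering junk and non-junk cases.
SAMPLES = ["", "\n", "   \n", "#\n", "  #  \n", "# comment\n", "x = 1\n", "  ##\n", "   x"]


def is_line_junk(line, pat):
    """Same contract as difflib.IS_LINE_JUNK: blank or lone-'#' lines are junk."""
    return pat.match(line) is not None


def same_classification(samples=SAMPLES):
    """The fix must not change which lines are treated as junk."""
    return all(is_line_junk(s, OLD_PAT) == is_line_junk(s, NEW_PAT) for s in samples)


def match_seconds(pat, line, repeat=3):
    """Best-of-N wall time for a single match attempt."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        pat.match(line)
        best = min(best, time.perf_counter() - start)
    return best


def slowdown(n=4000):
    """How many times slower the pre-fix pattern is on n spaces plus one letter."""
    line = " " * n + "x"  # non-junk line: both patterns must reject it
    return match_seconds(OLD_PAT, line) / max(match_seconds(NEW_PAT, line), 1e-9)


if __name__ == "__main__":
    print("same classification:", same_classification())
    for n in (1000, 2000, 4000):
        print(n, "spaces -> pre-fix pattern is %.0fx slower" % slowdown(n))
```

The slowdown factor grows roughly in proportion to the run length, which is the quadratic behaviour the upgrade to a fixed version removes.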